<?php
session_start();
require_once("conn.php");
if( !isset ( $_SESSION['user_id'] )) {
if( isset( $_POST['login'] )) {
	$user = mysql_real_escape_string($_POST['user']);
	$pass = md5($_POST['pass']);
	$q = "SELECT id, nick FROM players WHERE nick = '{$user}' AND pass = '{$pass}'";
	if(mysql_num_rows($result) !== 1){ 
		header("Location: login.php?badlogin"); 
		die(); 
	}
	$row = mysql_fetch_array(mysql_query($q), MYSQL_ASSOC);
	$_SESSION['user_id'] = $row['id'];
	$_SESSION['user_nick'] = $row['nick'];
}
echo '
<form action="login.php" method="post">
<input type="text" name="user">
<input type="password" name="pass">
<input type="submit" name="login" value="Log in">
</form>';
}
